Intent to Remove: Calling getDisplayMedia() without user activation

[François Beaufort]

Contact emails

fbea...@chromium.org

elad...@chromium.org

Specification

https://w3c.github.io/mediacapture-screen-share/#dom-mediadevices-getdisplaymedia

Summary

Allowing getDisplayMedia() to be triggered without a user activation could be abused by malicious websites. To protect users, the spec was changed[1] to require user activation, and we are now following through in the Chromium implementation.

[1] https://github.com/w3c/mediacapture-screen-share/pull/106

Blink component

Blink>GetDisplayMedia

TAG review

N/A - enforcement of feature from an already-reviewed specification

TAG review status

Not applicable

Risks

Interoperability and Compatibility

Firefox and Safari's implementation already require user activation for calling getDisplayMedia().

As websites already handle getDisplayMedia() returned promise rejection for other cases such as user cancelling the browser prompt, I believe there’s no compatibility risk.

We still added[1] a UseCounter[2] to track use of this feature and noted near zero usage.

[1] https://chromiumdash.appspot.com/commit/07d3b42c85adbf2203c84a1c3f6fdf3f5338f5b6

[2] https://chromestatus.com/metrics/feature/timeline/popularity/4370

Gecko: Shipped/Shipping (https://bugzilla.mozilla.org/show_bug.cgi?id=1705289)

WebKit: Shipped/Shipping (https://bugs.webkit.org/show_bug.cgi?id=197356)

Web developers: No signals

Other signals:

Debuggability

Once the support is removed, calling getDisplayMedia() will throw an InvalidStateError with a clear error message.

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

No - Supported on all Desktop platforms.

Is this feature fully tested by web-platform-tests?

Yes - https://wpt.fyi/results/screen-capture/getdisplaymedia.https.html

Requires code in //chrome?

False

Tracking bug

https://bugs.chromium.org/p/chromium/issues/detail?id=1198918

Estimated milestones

111

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5090735022407680

[Mike Taylor]

LGTM1 - aligning with other browsers on this (and the spec!) is good. 0.0002% is indeed low.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPpwU5%2Bd%3DaTdPF%3DC_RcNauDBdWNJ%2B%2Bosrn4Ok3u0WO4Lw9v%3DjQ%40mail.gmail.com.

[Rick Byers]

LGTM2

On Mon, Dec 19, 2022 at 10:41 AM Mike Taylor <mike...@chromium.org> wrote:

LGTM1 - aligning with other browsers on this (and the spec!) is good. 0.0002% is indeed low.

I'll also note that it's <1% the usage of getDisplayMedia, so even though this is a relatively niche feature, the vast majority of the usage should be unimpacted by this change.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/80a5acf9-78e8-eef9-5a7a-b2e89163a93d%40chromium.org.

[Daniel Bratell]

LGTM3

/Daniel

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFUtAY-WL%2B83EMBZ2t_mQRUcnnqxAXyEKf3FrGZNPrXFy_0Niw%40mail.gmail.com.